Change homepage_url to application_base_url

2011-06-27 16:44:18 -07:00 · 2011-06-27 16:44:18 -07:00 · 240eb78b08
commit 240eb78b08
parent 17917528f6
9 changed files with 51 additions and 52 deletions
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@ -32,18 +32,18 @@ class AuthorizationsController < ApplicationController
      render :text => "bad request: #{params.inspect}", :status => 403
      return
    end
-      packaged_manifest = JSON.parse(RestClient.get("#{app_url}/manifest.json").body)
+      packaged_manifest = JSON.parse(RestClient.get("#{app_url}manifest.json").body)
      public_key = OpenSSL::PKey::RSA.new(packaged_manifest['public_key'])
      manifest = JWT.decode(packaged_manifest['jwt'], public_key)

      message = verify(signed_string, Base64.decode64(params[:signature]), public_key, manifest)
      if not (message =='ok')
        render :text => message, :status => 403
-      elsif manifest["homepage_url"].match(/^http:\/\/(localhost:\d+|chubbi\.es|cubbi\.es)$/).nil?
-        # This will only be temporary (less than a month) while we iron out the kinks in Diaspora Connect. Essentially, 
-        # whatever we release people will try to work off of and it sucks to build things on top of non-stable things. 
-        # We also started writing a gem that we'll release (around the same time) that makes becoming a Diaspora enabled 
-        # ruby project a breeze.  
+      elsif manifest["application_base_url"].match(/^http:\/\/(localhost:\d+|chubbi\.es|cubbi\.es)\/$/).nil?
+        # This will only be temporary (less than a month) while we iron out the kinks in Diaspora Connect. Essentially,
+        # whatever we release people will try to work off of and it sucks to build things on top of non-stable things.
+        # We also started writing a gem that we'll release (around the same time) that makes becoming a Diaspora enabled
+        # ruby project a breeze.

        render :nothing => true
      else
@ -79,7 +79,7 @@ class AuthorizationsController < ApplicationController
    nonce = split[3]

    return 'blank public key' if public_key.n.nil?
-    return 'the app url in the manifest does not match the url passed in the parameters' if manifest["homepage_url"] != app_url
+    return 'the app url in the manifest does not match the url passed in the parameters' if manifest["application_base_url"] != app_url
    return 'key too small, use at least 2048 bits' if public_key.n.num_bits < 2048
    return "invalid time" unless valid_time?(time)
    return 'invalid nonce' unless valid_nonce?(nonce)
--- a/app/models/oauth2_provider_models_activerecord_client.rb
+++ b/app/models/oauth2_provider_models_activerecord_client.rb
@ -1,4 +1,4 @@
-class OAuth2::Provider::Models::ActiveRecord::Client 
+class OAuth2::Provider::Models::ActiveRecord::Client
  def self.create_or_reset_from_manifest!(manifest, pub_key)
    if obj = find_by_name(manifest['name'])
      obj.oauth_identifier = OAuth2::Provider::Random.base62(16)
@ -10,7 +10,7 @@ class OAuth2::Provider::Models::ActiveRecord::Client
        :name => manifest["name"],
        :permissions_overview => manifest["permissions_overview"],
        :description => manifest["description"],
-        :homepage_url => manifest["homepage_url"],
+        :application_base_url => manifest["application_base_url"],
        :icon_url => manifest["icon_url"],
        :public_key => pub_key.export
      )
--- a/app/views/authorizations/index.html.haml
+++ b/app/views/authorizations/index.html.haml
@ -14,13 +14,13 @@
        .stream_element{:id => app.id}
          .right
            = link_to t('.revoke_access'), authorization_path(:id => app.id), :method => :delete, :confirm => 'are you sure?', :class => "button"
-          
+
          - if app.icon_url
-            = image_tag(app.homepage_url + app.icon_url, :class => "avatar")
+            = image_tag(app.application_base_url + app.icon_url, :class => "avatar")

          .content
            %div.from
-              = link_to app.name, app.homepage_url
+              = link_to app.name, app.application_base_url
            = app.description

    - else
--- a/app/views/authorizations/new.html.haml
+++ b/app/views/authorizations/new.html.haml
@ -1,6 +1,6 @@
 #authorize
  #application-description
-    = image_tag(@client.homepage_url + @client.icon_url, :id => 'client-application-image')
+    = image_tag(@client.application_base_url + @client.icon_url, :id => 'client-application-image')
    %br
    %strong
      = @client.name
--- a/db/migrate/20110623210918_add_o_auth2_support.rb
+++ b/db/migrate/20110623210918_add_o_auth2_support.rb
@ -1,20 +1,20 @@
 class AddOAuth2Support < ActiveRecord::Migration
  def self.up
    create_table 'oauth_clients', :force => true do |t|
-      t.string   'name',             :limit => 127, :null => false
-      t.text     'description',                     :null => false
-      t.string   'homepage_url',     :limit => 127, :null => false
-      t.string   'icon_url',         :limit => 127, :null => false
+      t.string   'name',                 :limit => 127, :null => false
+      t.text     'description',                         :null => false
+      t.string   'application_base_url', :limit => 127, :null => false
+      t.string   'icon_url',             :limit => 127, :null => false

-      t.string   'oauth_identifier', :limit => 32,  :null => false
-      t.string   'oauth_secret',     :limit => 32,  :null => false
-      t.string   'nonce',            :limit => 64
-      t.text     'public_key',                      :null => false
-      t.text     'permissions_overview',            :null => false
+      t.string   'oauth_identifier',     :limit => 32,  :null => false
+      t.string   'oauth_secret',         :limit => 32,  :null => false
+      t.string   'nonce',                :limit => 64
+      t.text     'public_key',                          :null => false
+      t.text     'permissions_overview',                :null => false
    end

    add_index :oauth_clients, :name, :unique => true
-    add_index :oauth_clients, :homepage_url, :unique => true
+    add_index :oauth_clients, :application_base_url, :unique => true
    add_index :oauth_clients, :nonce, :unique => true

    create_table 'oauth_authorization_codes', :force => true do |t|
@ -56,7 +56,7 @@ class AddOAuth2Support < ActiveRecord::Migration
    drop_table 'oauth_authorization_codes'

    remove_index :oauth_clients, :column => :nonce
-    remove_index :oauth_clients, :column => :homepage_url
+    remove_index :oauth_clients, :column => :application_base_url
    remove_index :oauth_clients, :column => :name

    drop_table 'oauth_clients'
--- a/db/schema.rb
+++ b/db/schema.rb
@ -226,7 +226,7 @@ ActiveRecord::Schema.define(:version => 20110623210918) do
  create_table "oauth_clients", :force => true do |t|
    t.string "name",                 :limit => 127, :null => false
    t.text   "description",                         :null => false
-    t.string "homepage_url",         :limit => 127, :null => false
+    t.string "application_base_url", :limit => 127, :null => false
    t.string "icon_url",             :limit => 127, :null => false
    t.string "oauth_identifier",     :limit => 32,  :null => false
    t.string "oauth_secret",         :limit => 32,  :null => false
@ -235,7 +235,7 @@ ActiveRecord::Schema.define(:version => 20110623210918) do
    t.text   "permissions_overview",                :null => false
  end

-  add_index "oauth_clients", ["homepage_url"], :name => "index_oauth_clients_on_homepage_url", :unique => true
+  add_index "oauth_clients", ["application_base_url"], :name => "index_oauth_clients_on_application_base_url", :unique => true
  add_index "oauth_clients", ["name"], :name => "index_oauth_clients_on_name", :unique => true
  add_index "oauth_clients", ["nonce"], :name => "index_oauth_clients_on_nonce", :unique => true

--- a/spec/chubbies/app.rb
+++ b/spec/chubbies/app.rb
@ -44,11 +44,10 @@ module Chubbies
    d.private_key_path = File.dirname(__FILE__) + "/chubbies.private.pem"
    d.public_key_path = File.dirname(__FILE__) + "/chubbies.public.pem"
    d.test_mode = true
-    d.application_url = "http://localhost:9292"
+    d.application_base_url = "localhost:9292/"

    d.manifest_field(:name, "Chubbies")
    d.manifest_field(:description, "The best way to chub.")
-    d.manifest_field(:homepage_url, "http://localhost:9292")
    d.manifest_field(:icon_url, "#")

    d.manifest_field(:permissions_overview, "Chubbi.es wants to post photos to your stream.")
@ -73,10 +72,10 @@ module Chubbies
    get '/account' do
      if params['id'] && user = User.where(:id => params['id']).first
        if user.access_token
-          begin 
+          begin
            @resource_response = user.access_token.token.get("/api/v0/me")
            haml :response
-          rescue OAuth2::AccessDenied 
+          rescue OAuth2::AccessDenied
            "Token invalid"
          end
        else
--- a/spec/controllers/authorizations_controller_spec.rb
+++ b/spec/controllers/authorizations_controller_spec.rb
@ -13,19 +13,19 @@ describe AuthorizationsController do
  end

  before do
-    sign_in :user, alice 
+    sign_in :user, alice
    @controller.stub(:current_user).and_return(alice)

    @time = Time.now
    Time.stub(:now).and_return(@time)
    @nonce = 'asdfsfasf'
-    @signed_string = ["http://chubbi.es",'http://pod.pod',"#{Time.now.to_i}", @nonce].join(';')
+    @signed_string = ["http://chubbi.es/",'http://pod.pod',"#{Time.now.to_i}", @nonce].join(';')
    @signature = @private_key.sign(OpenSSL::Digest::SHA256.new, @signed_string)

    @manifest =   {
        "name"         => "Chubbies",
        "description"  => "The best way to chub.",
-        "homepage_url" => "http://chubbi.es",
+        "application_base_url" => "http://chubbi.es/",
        "icon_url"     => "#",
        "permissions_overview" => "I will use the permissions this way!",
      }
@ -35,7 +35,7 @@ describe AuthorizationsController do
    before do
      packaged_manifest = {:public_key => @public_key.export, :jwt => JWT.encode(@manifest, @private_key, "RS256")}.to_json

-      stub_request(:get, "http://chubbi.es/manifest.json"). 
+      stub_request(:get, "http://chubbi.es/manifest.json").
        to_return(:status => 200, :body =>  packaged_manifest, :headers => {})

      @params_hash = {:type => 'client_associate', :signed_string => Base64.encode64(@signed_string), :signature => Base64.encode64(@signature)}
@ -46,14 +46,14 @@ describe AuthorizationsController do
        manifest =   {
          "name"         => "Chubbies",
          "description"  => "The best way to chub.",
-          "homepage_url" => url,
+          "application_base_url" => url,
          "icon_url"     => "#",
          "permissions_overview" => "I will use the permissions this way!",
        }

        packaged_manifest = {:public_key => @public_key.export, :jwt => JWT.encode(manifest, @private_key, "RS256")}.to_json

-        stub_request(:get, "#{url}/manifest.json"). 
+        stub_request(:get, "#{url}manifest.json").
          to_return(:status => 200, :body =>  packaged_manifest, :headers => {})

        @signed_string = [url,'http://pod.pod',"#{Time.now.to_i}", @nonce].join(';')
@ -62,21 +62,21 @@ describe AuthorizationsController do
      end

      it 'renders something for chubbies ' do
-        prepare_manifest("http://chubbi.es")
+        prepare_manifest("http://chubbi.es/")
        @controller.stub!(:verify).and_return('ok')
        post :token,  @params_hash
        response.body.blank?.should be_false
      end

      it 'renders something for cubbies ' do
-        prepare_manifest("http://cubbi.es")
+        prepare_manifest("http://cubbi.es/")
        @controller.stub!(:verify).and_return('ok')
        post :token,  @params_hash
        response.body.blank?.should be_false
      end

      it 'renders something for localhost' do
-        prepare_manifest("http://localhost:3423")
+        prepare_manifest("http://localhost:3423/")
        @controller.stub!(:verify).and_return('ok')
        post :token,  @params_hash
        response.body.blank?.should be_false
@ -94,7 +94,7 @@ describe AuthorizationsController do
      @controller.stub!(:verify).and_return('ok')
      post :token,  @params_hash
    end
-    
+
    it 'creates a client application' do
      @controller.stub!(:verify).and_return('ok')
      lambda {
@ -108,12 +108,12 @@ describe AuthorizationsController do
        post :token,  @params_hash
      }.should_not change(OAuth2::Provider.client_class, :count)
    end
-    
+
    it 'verifies the signable string validity(time,nonce,sig)' do
-      @controller.should_receive(:verify){|a,b,c,d| 
+      @controller.should_receive(:verify){|a,b,c,d|
        a.should == @signed_string
        b.should == @signature
-        c.export.should == @public_key.export 
+        c.export.should == @public_key.export
        d.should == @manifest
      }
      post :token,  @params_hash
@ -127,8 +127,8 @@ describe AuthorizationsController do
    end

    it 'assigns the auth. & apps for the current user' do
-     app1 = Factory.create(:app, :name => "Authorized App") 
-     app2 = Factory.create(:app, :name => "Unauthorized App") 
+     app1 = Factory.create(:app, :name => "Authorized App")
+     app2 = Factory.create(:app, :name => "Unauthorized App")
     auth = OAuth2::Provider.authorization_class.create(:client => app1, :resource_owner => alice)

     OAuth2::Provider.authorization_class.create(:client => app1, :resource_owner => bob)
@ -142,13 +142,13 @@ describe AuthorizationsController do

  describe "#destroy" do
    before do
-     @app1 = Factory.create(:app) 
+     @app1 = Factory.create(:app)
     @auth1 = OAuth2::Provider.authorization_class.create(:client => @app1, :resource_owner => alice)
     @auth2 = OAuth2::Provider.authorization_class.create(:client => @app1, :resource_owner => bob)
    end
    it 'deletes an authorization' do
      lambda{
-        delete :destroy, :id => @app1.id 
+        delete :destroy, :id => @app1.id
      }.should change(OAuth2::Provider.authorization_class, :count).by(-1)
    end
  end
@ -178,9 +178,9 @@ describe AuthorizationsController do
    end

    it 'checks consistency of app_url' do
-      @controller.verify(@signed_string, @sig, @public_key, @manifest.merge({"homepage_url" => "http://badsite.com"})).should == "the app url in the manifest does not match the url passed in the parameters"
+      @controller.verify(@signed_string, @sig, @public_key, @manifest.merge({"application_base_url" => "http://badsite.com/"})).should == "the app url in the manifest does not match the url passed in the parameters"
    end
-    
+
    it 'checks key size' do
      short_key = RSA.generate(100)
      RSA.stub!(:new).and_return(short_key)
@ -219,13 +219,13 @@ describe AuthorizationsController do
  describe 'valid_nonce' do
    before do
      @nonce = "abc123"
-      Factory.create(:app, :nonce => @nonce) 
+      Factory.create(:app, :nonce => @nonce)
    end

    it 'returns true if its a new nonce' do
      @controller.valid_nonce?("lalalala").should be_true
    end
-    
+
    it 'returns false if the nonce was already used' do
      @controller.valid_nonce?(@nonce).should be_false
    end
--- a/spec/factories.rb
+++ b/spec/factories.rb
@ -114,7 +114,7 @@ end

 Factory.define(:app, :class => OAuth2::Provider.client_class) do |a|
  a.sequence(:name) { |token| "Chubbies#{token}" }
-  a.sequence(:homepage_url) { |token| "http://chubbi#{token}.es/" }
+  a.sequence(:application_base_url) { |token| "http://chubbi#{token}.es/" }

  a.description "The best way to chub on the net."
  a.icon_url "/images/chubbies48.png"